THE MATHEMATICS OF GAUSS Introduction Carl Friedrich Gauss

THE MATHEMATICS OF GAUSS

DAVID SAVITT

Introduction

Carl Friedrich Gauss was born on April 30, 1777, in Brunswick, Germany, theson of Gebhard Dietrich Gauss, a bricklayer, and Dorothea Emerenzia Gauss. CarlFriedrich’s mathematical talents showed themselves early: when he was three yearsold, he found an error in his father’s payroll calculations. At the age of seven, heentered St. Katharine’s Volksschule, where he was taught by J.G. Buttner. Themost famous incident from Gauss’s youth took place when Buttner assigned to hisclass the task of summing the numbers from 1 to 100. While the other pupilsbusied themselves with the task, Gauss almost immediately wrote an answer on histablet and handed it in. Buttner, at first skeptical, found that Gauss’s solution wascompletely correct. Gauss explained himself: he had noticed that 1 + 100 = 101,2 + 99 = 101, and so on, so that 1 + · · ·+ 100 = 50 · 101 = 5050.

Gauss quickly outpaced what he could be taught at the Katharineum, and beganto be tutored privately in mathematics by a neighbor, Johann Bartels, who himselfwould later become a professor of mathematics. At the age of 14, Gauss came tothe attention of the Duke of Brunswick: the Duchess saw Gauss reading in thepalace yard one day, and was much impressed that Gauss understood what he wasreading. When Gauss entered the Collegium Carolinum in 1792, the Duke paid histuition.

At the Collegium, Gauss studied the works of Newton, Euler, and Lagrange. Hisinvestigations on the distribution of primes in 1792 or 1793 give an early indicationof his interest in number theory. He also developed his strong love of languages:he “completed his knowledge of the ancient languages and learned the modernlanguages” ([Dun04],p. 18).

In 1795, Gauss left Brunswick for Gottingen. He continued to be supplied tuition,a stipend, and a free apartment by his patron, the Duke of Brunswick.

1. The 17-gon

1.1. Geometry and algebra. Gauss’s first publication appeared in AllgemeineLiteraturzeitung in April, 1796: ([Dun04], p.28)

It is known to every beginner in geometry that various regularpolygons, viz., the triangle, tetragon, pentagon, 15-gon, and thosewhich arise by the continued doubling of the number of sides ofone of them, are geometrically constructible.

One was already that far in the time of Euclid, and, it seems, ithas generally been said since then that the field of elementary ge-ometry extends no farther: at least I know of no successful attemptto extend its limits on this side.

1

2 DAVID SAVITT

So much the more, methinks, does the discovery deserve atten-tion... that besides those regular polygons a number of others, e.g.,the 17-gon, allow of a geometrical construction. This discovery isreally only a special supplement to a theory of greater inclusive-ness, not yet completed, and is to be presented to the public assoon as it has received its completion.

Carl Friedrich GaussStudent of Mathematics at Gottingen

To construct a regular 15-gon with straightedge and compass, first construct aregular pentagon; draw the circle in which this pentagon is inscribed, and inscribefive equilateral triangles inside that circle, each sharing one vertex with the penta-gon. The fifteen vertices of these triangles will form the vertices of a regular 15-gon.To construct a regular 2n-gon from a regular n-gon, simply bisect each of the ncentral angles of the n-gon. Thus, starting from the triangle, square, and pentagonit is possible to construct regular polygons with 6, 12, 24, etc. sides, with 4, 8, 16etc. sides, with 5, 10, 20 etc. sides, and even with 15, 30, 60 etc. sides. To thislist, which had remained unchanged for nearly 2000 years, Gauss not only addedthe 17-gon, but gave a nearly-complete solution to the question: for which valuesof n can the regular n-gon be constructed?

Though the result was announced in 1796, the details appeared in print in 1801,in Section VII (“Equations Defining Sections of a Circle”) in Gauss’s masterworkDisquisitiones Arithmeticae [Gau66]. As we shall explain below, the problem maybe translated from geometry into algebra; Gauss’s crucial insight, noted on March30, 1796, in the opening entry of his scientific diary, allowed him to resolve therelated algebraic problem:

The theory of the division of a circle or of a regular polygon treatedin Section VII of itself does not pertain to Arithmetic but the prin-ciples involved depend uniquely on Higher Arithmetic. This willperhaps prove unexpected to geometers, but I hope they will beequally pleased with the new results that derive from this treat-ment. ([Gau66], Author’s Preface)

According to H.S.M. Coxeter [Cox77], the idea that a complex number x +iy may be viewed as the point (x, y) in the plane should be attributed to theDanish mathematician Caspar Wessel (1745-1818). In this manner, one may studygeometry of the plane by studying the arithmetic of complex numbers. View thepoint (x, y) in polar coordinates: suppose that the point (x, y) has distance r fromthe origin, and that the line from the origin to (x, y) makes an angle θ from thepositive real axis. Then we know, essentially from the definition of the trigonometricfunctions, that x = r cos θ and y = r sin θ.

From this geometric interpretation, we see that

x + iy = r cos θ + ir sin θ = r(cos θ + i sin θ) ,

or, writing cis θ = cos θ + i sin θ, that x + iy = r cis θ. This reformulation givesparticular insight into the multiplication of complex numbers. If x + iy = r1 cis θ1

and u + iv = r2 cis θ2, then we can compute the product using the angle-addition

THE MATHEMATICS OF GAUSS 3

formulas for cos and sin:

(x + iy)(u + iv) = (xu− yv) + i(xv + yu)= r1r2((cos θ1 cos θ2 − sin θ1 sin θ2) + i(cos θ1 sin θ2 + cos θ2 sin θ1))= r1r2(cos(θ1 + θ2) + i sin(θ1 + θ2))= r1r2 cis(θ1 + θ2) .

That is, when we multiply two complex numbers, the distances from the originmultiply, and the angles add.

Definition 1.1. An nth root of unity is any complex number z such that zn = 1.A primitive nth root of unity is an nth root of unity that is not a kth root of unityfor any positive integer k < n.

For example, 1 and −1 are both square roots of unity, but only −1 is a primitivesquare root of unity.

Exercise 1.2. Verify that −1±√−32 are primitive 3rd roots of unity, and that ±i

are the primitive 4th roots of unity. What are the primitive 6th and 8th roots ofunity?

Set ζn = cis 2πn . Our formula for the multiplication of complex numbers shows

immediately that

ζkn = cis

2πk

n,

and in particular that ζnn = cis 2π = cos 2π + i sin 2π = 1. Therefore ζn is an nth

root of unity.

Exercise 1.3. Prove the formulas

cos2πk

n=

12

(ζkn + ζ−k

n

)

and

sin2πk

n=

12i

(ζkn − ζ−k

n

).

Exercise 1.4. Show that ζn is a primitive nth root of unity.

Exercise 1.5. Show that every nth root of unity is of the form ζkn for some k, and

moreover that ζkn is a primitive nth root of unity if and only if k is relatively prime

to n.

Suppose we have a regular n-gon inscribed in a circle of radius 1 centered atthe origin, and with one vertex at the point (1, 0). Then the vertices of this n-gonwill be at exactly the points corresponding to the complex numbers cis 2πk

n , that is,to the nth roots of unity. For example, if a square centered at the origin has onevertex at (1, 0), then the other vertices will be at (0, 1), (−1, 0), and (0,−1), andthese four vertices correspond to 1, i,−1,−i respectively. Therefore, the problemof constructing a regular n-gon is the same as the problem: given points (0, 0) and(1, 0), construct the number ζn = cis 2π

n ; and any resolution of this problem shouldmake use of the algebraic fact that ζn is a root of the polynomial zn−1 = 0. It wasalready known (from work of Cotes, of DeMoivre, and of Euler; [Dun04], p. 29)that construction of the n-gon depends on solving the equation zn − 1 = 0; Gausswas the first to succeed at the latter.

4 DAVID SAVITT

Using a straightedge and compass, given a segment of length defined to be 1, it ispossible to add, subtract, multiply, and divide known lengths, and it is also possibleto extract square roots. We can therefore use a straightedge and compass to solvelinear and quadratic equations. (In fact, the reader should try to convince herselfor himself that these are essentially the only equations one can solve, when our onlyoperations are intersecting two known lines, two known circles, or a known line anda known circle.) On the other hand, at first glance, it appears that constructingζ17 should involve the solution of an equation of degree 17, since we are trying tofind a root of the equation

z17 − 1 = 0 .

Not so fast! In fact, the polynomial z17 − 1 has an obvious root, namely 1; andtherefore the polynomial has the factor z − 1. It follows that ζ17 is a root of thepolynomial

Φ17(z) =z17 − 1z − 1

= z16 + z15 + · · ·+ z + 1 .

Exercise 1.6. If p is a prime number, set Φp(z) = zp−1z−1 = zp−1 + · · ·+z+1. Verify

that the roots of Φp(z) = 0 are precisely the primitive pth roots of unity.

So we still have some hope: ζ17 is actually a root of a polynomial of degree 16, andit is conceivable that a solution of an equation of degree 16 can be found by solvingfour successive equations of degree 2, which can then be solved by straightedge andcompass.

1.2. Φp is irreducible. A priori, it is possible that ζ17 might yet be the root ofa polynomial of degree smaller than 16: perhaps there is another, less obviousfactor of Φ17(z) that we have not found. In actuality, no such factor exists. Moregenerally, we will now give Gauss’s proof that Φp(z) is an irreducible polynomial,that is, that Φp(z) cannot be factored into two polynomials of lower degree withrational coefficients. The proof may be found in article 341 of [Gau66]. We needthe following preliminaries.

Definition 1.7. A polynomial f(z) = anzn + · · · + a0 with integer coefficients issaid to be monic if an = 1.

Lemma 1.8 (Gauss’s Lemma). If f(z) is a monic polynomial with integer coef-ficients and f(z) can be factored into two polynomials with rational coefficients,then it may be factored into two monic polynomials of lower degree with integercoefficients.

Gauss proves this important lemma in article 42 in [Gau66].

Exercise 1.9. Prove Gauss’s Lemma.

The following lemma is article 338 in [Gau66].

Lemma 1.10. If the polynomial f(z) = (z − r1) · · · (z − rd) with roots r1, . . . , rd

has rational coefficients, then the polynomial f (k)(z) = (z− rk1 ) · · · (z− rk

d) also hasrational coefficients.

Exercise 1.11. Prove Lemma 1.10. Hint: If d = 2, then r21+r2

2 = (r1+r2)2−2(r1r2)and r2

1r22 = (r1r2)2 are certainly both rational. The proof for larger d is more

complicated, but not more difficult; use Newton’s results on symmetric functions.


Lemma 1.12. If f(z1, . . . , zd) is a polynomial with integer coefficients and ifc1, . . . , cd are integers, then the sum

S =p−1∑

k=0

f(ζkc1p , . . . , ζkcd

p )

is an integer which is divisible by p.

Proof. Set g(z) = f(zc1 , . . . , zcd), so that

S =p−1∑

k=0

g(ζkp ) .

Using polynomial division, write

g(z) = (zp − 1)q(z) + h(z)

with the degree of h(z) strictly less than p; then g(ζkp ) = h(ζk

p ), so if h(z) =hp−1z

p−1 + · · ·+ h0 then

g(ζkp ) = hp−1ζ

k(p−1)p + · · ·+ h1ζ

kp + h0 .

Since

(1.13)p−1∑

k=0

ζkip =

{0 if 1 < i ≤ p− 1p if i = 0

we find S = ph0, as desired. ¤

Exercise 1.14. Verify equation (1.13).

Finally, we are ready to give Gauss’s proof of:

Theorem 1.15 ([Gau66], art. 341). Φp(z) is irreducible.

Suppose, for the purposes of contradiction, that Φp(z) is divisible by a polynomialf(z) with rational coefficients and degree d < p− 1, and suppose that the roots off(z) are ζc1

p , . . . , ζcdp . Let f (k)(z) be the polynomial whose roots are ζkc1

p , . . . , ζkcdp .

Exercise 1.16. Show that∏p−1

k=1 f (k)(z) = Φp(z)d. (Hint: count the number oftimes each primitive pth root of unity occurs as a root of the product on the left-hand side.)

Exercise 1.17. By Lemma 1.10, each f (k)(z) has rational coefficients. Use Gauss’sLemma (Lemma 1.8) and the preceding exercise to conclude that each f (k)(z) hasinteger coefficients. In particular, f (k)(1) is an integer for all k.

Exercise 1.18. Use Lemma 1.12 and the fact that f (0)(1) = 0 to show thatp | ∑p−1

k=1 f (k)(1) . Also verify that∏p−1

k=1 f (g)(1) = pd.

Exercise 1.19. Finally, prove that f (k)(1) is positive for all k. (Hint: how manyreal roots does f (k) have?) It follows that f (k)(1) is either 1 or a multiple of p;use the results of Exercise 1.18 to deduce a contradiction to the hypothesis thatd < p− 1. Conclude that Φp(z) is irreducible.

Finally, we note that this is not at all equivalent to the more standard proof thatΦp is irreducible using Eisenstein’s irreducibility criterion:

6 DAVID SAVITT

Theorem 1.20 (Eisenstein’s Criterion). Let f(z) = zn + an−1zn−1 + · · · + a0

be a monic polynomial with integer coefficients. Suppose that all the coefficientsa0, . . . , an−1 are divisible by p and the constant coefficient a0 is not divisible by p2.Then f(z) is irreducible.

A polynomial satisfying the hypotheses of this theorem is said to be “Eisensteinat p”.

Exercise 1.21. Fill in the details in the following sketch of a proof of Eisenstein’scriterion: suppose f(z) factors as f(z) = g(z)h(z), with g(z), h(z) monic of degreed, n − d respectively. Show that g(z) ≡ zd (mod p) and h(z) ≡ zn−d (mod p), sothat g(0) and h(0) are both divisible by p. Deduce a contradiction.

Exercise 1.22. Show that the polynomial Φp(z + 1) is Eisenstein at p, so that itis irreducible. Conclude that Φp(z) is also irreducible.

Eisenstein’s criterion is essentially a p-adic irreducibility criterion. On the otherhand, Gauss’s proof makes definite use of properties of the integers.

1.3. The algebraic construction. At the heart of Gauss’s deduction of the con-structibility of the 17-gon is the following observation, which we will study moresystematically in Section 4.1. If we begin with ζ17 and repeatedly square this num-ber, we get a cycle of length 8:

ζ17 Ã ζ217 Ã ζ4

17 Ã ζ817 Ã ζ16

17 Ã ζ1517 Ã ζ13

17 Ã ζ917 Ã ζ17 · · ·

where we use, for example, that ζ3217 = ζ15

17 . Choosing any primitive 17th root ofunity not in the above cycle and repeatedly squaring yields another cycle containingall of the remaining primitive 17th roots of unity:

ζ317 Ã ζ6

17 Ã ζ1217 Ã ζ7

17 Ã ζ1417 Ã ζ11

17 Ã ζ517 Ã ζ10

17 Ã ζ317 Ã · · · .

Define(8, ζ17) = ζ17 + ζ2

17 + ζ417 + ζ8

17 + ζ1617 + ζ15

17 + ζ1317 + ζ9

17

and(8, ζ3

17) = ζ317 + ζ6

17 + ζ1217 + ζ7

17 + ζ1417 + ζ11

17 + ζ517 + ζ10

17 ,

the sums of the roots contained in the two cycles; we will call these two numbersthe periods of length 8 for ζ17.

Then(8, ζ17) + (8, ζ3

17) = ζ17 + ζ217 + · · ·+ ζ16

17 = −1since ζ16

17 + · · · + ζ17 + 1 = 0. We can also evaluate the product (8, ζ17) · (8, ζ317).

Since the two periods each are defined as a sum of eight terms, the product contains64 terms, and one can see by direct (if exhausting) calculation that the product issimply

4ζ17 + 4ζ217 + · · ·+ 4ζ16

17 = −4 .

On the other hand, one can also see this by “pure thought”.

Exercise 1.23. Verify that each of the primitive 17th roots of unity appearingin (8, ζ17) are of the form ζk

17 where k is a square (mod 17), and that each of theprimitive 17th roots of unity appearing in (8, ζ17) are of the form ζk

17 where k is anon-square (mod 17). Use this, together with the fact that −1 is a square (mod 17),to check that none of the 64 terms in the product (8, ζ17) · (8, ζ3

17) are equal to 1.to Conclude that

(8, ζ17) · (8, ζ317) = a1ζ

117 + · · ·+ a16ζ

1617


with a1 + · · ·+ a16 = 64.

Letf(x) = (x + x2 + x4 + · · ·+ x9)(x3 + x6 + · · ·+ x10) ,

where the exponents in the first factor are the eight squares (mod 17) and theexponents in the second factor are the eight non-squares (mod 17). Divide

f(x) = (x17 − 1)q(x) + h(x)

so that the degree of h(x) is smaller than 17.

Exercise 1.24. Prove that h(x) = a1x1 + · · ·+ a16x

16. Verify from the definitionof f(x) that both h(ζ17) and h(ζ3

17) are equal to (8, ζ17) · (8, ζ317). It follows that

a1ζ17 + a2ζ217 + · · ·+ a16ζ

1617 = a1ζ

317 + a2ζ

2·317 + · · ·+ a16ζ

16·317 .

Finally, use the irreducibility of Φ17(z) to conclude that a3·k = ak for all k (withthe subscripts considered modulo 17), and therefore that all of the ak are equal(and hence all equal to 4).

In any case, we have shown that

(8, ζ17) + (8, ζ317) = −1

and(8, ζ17) · (8, ζ3

17) = −4If follows that (8, ζ17) and (8, ζ3

17) are the two roots of the quadratic equation

z2 + z − 4 .

This equation has roots −1±√172 , and it is natural to ask which of these is (8, ζ17) and

which is (8, ζ317). We shall see in Section 4.3 how to determine this theoretically; for

now, note that using a hand-held calculator to perform an approximate computationof the sum

cos2π

17+ cos

2π · 217

+ cos2π · 417

+ · · ·+ cos2π · 917

≈ 1.5615528 · · ·

is enough to prove that (8, ζ17) = −1+√

172 and (8, ζ3

17) = −1−√172 .

So we have seen how to write the two periods of length 8 as the roots of aquadratic equation with integer coefficients. The next step is to see that there areperiods of length 4 for ζ17 which may be written as roots of a quadratic equationwhose coefficients are not necessarily integers, but may be computed from theperiods of length 8.

To this end, observe that each period of length 8 breaks naturally into twocycles of length 4, obtained by successively squaring twice (i.e., by successivelytaking fourth powers). That is, the cycles are

ζ17 Ã ζ417 Ã ζ16

17 Ã ζ1317 Ã ζ17 Ã · · ·

ζ217 Ã ζ8

17 Ã ζ1517 Ã ζ9

17 Ã ζ217 Ã · · ·

ζ317 Ã ζ12

17 Ã ζ1417 Ã ζ5

17 Ã ζ317 Ã · · ·

ζ617 Ã ζ7

17 Ã ζ1117 Ã ζ10

17 Ã ζ617 Ã · · ·

and the corresponding periods (i.e., the sums of the numbers in the cycle) will bedenoted (4, ζ17), (4, ζ2

17), (4, ζ317) and (4, ζ6

17) respectively. One verifies immediatelythat

(4, ζ17) + (4, ζ217) = (8, ζ17)

8 DAVID SAVITT

and(4, ζ3

17) + (4, ζ617) = (8, ζ3

17) .

We can also directly compute the products

(4, ζ17) · (4, ζ217) = ζ17 + · · ·+ ζ16

17 = −1

and(4, ζ3

17) · (4, ζ617) = ζ17 + · · ·+ ζ16

17 = −1 ,

so that these periods may be found as the four roots of the two quadratic equations

z2 − (8, ζ17)z − 1

andz2 − (8, ζ3

17)z − 1 .

Exercise 1.25. Show by “pure thought” (as in Exercise 1.24, but using an identityof the form h(ζ17) = h(ζ4

17) instead) that the product of any two of the periods oflength 4 will be an integer plus a sum of periods of length 4. Similarly, show bypure thought that (4, ζ17) · (4, ζ2

17) is a sum of periods of length 8.

Finally, the four cycles of length 4 break into eight cycles of length 2:

ζ17 ↔ ζ1617 , ζ4

17 ↔ ζ1317 , . . .

yielding eight periods (2, ζ17), (2, ζ417), . . . of length 2. Check that (2, ζ17)+(2, ζ4

17) =(4, ζ17) and (2, ζ17) · (2, ζ4

17) = (4, ζ317), so that (2, ζ17) and (2, ζ4

17) are roots of

z2 − (4, ζ17)z + (4, ζ317) = 0 .

Finally, ζ17 and ζ1617 are the roots of

z2 − (2, ζ17)z + 1 = 0 .

In this manner, ζ17 may be computed by solving a succession of four quadraticequations, the coefficients of the next equation involving only the roots of theformer. We conclude that the 17-gon is constructible.

Gauss was so fond of this result that he requested that a 17-gon be engravedon his tombstone; in fact this request was not honored, as the engraver felt thatvisitors would mistake the 17-gon for a circle, but there is a 17-pointed star on thebase of the monument.

We close this section with two notes. First, one can solve the above quadraticequations to obtain an explicit expression for ζ17. For example, cos 2π

17 is equal to

116

(−1 +

√17 +

√34− 2

√17 + 2

√17 + 3

√17−

√34− 2

√17− 2

√34 + 2

√17

).

Second, we shall see in Section 4.1 that the same method as the above can beused to show that the (22m

+ 1)-gon is constructible whenever 22m

+ 1 is prime.(Note that 2k + 1 may be prime only if k is a power of 2.) Moreover, the p-gon isnot constructible if p− 1 is not a power of 2: if p− 1 has a prime factor q > 2, onecannot avoid having to solve an equation of degree q in an attempted constructionof ζp. Similarly, the p2-gon is never constructible for p > 2. Hence the n-gonis constructible if and only if n is a product of primes of the form 22m

+ 1 (atmost once each) times a power of 2. This is not quite a complete description ofthe constructible n-gons, since it is still an open problem to determine whether3, 5, 17, 257, 65537 is a complete list of the primes of the form 22m

+ 1.


2. An Extraordinary Arithmetic Truth

2.1. Disquisitiones Arithmeticae. In 1795, Gauss happened upon the followingtheorem:

Theorem 2.1 ([Gau66], article 108). There exists x such that x2 ≡ −1 (mod p) ifand only if p = 2 or p ≡ 1 (mod 4).

In fact, this result was long-known when Gauss discovered it; Euler and Lagrangecertainly both knew how to prove it. In the Author’s Preface to DisquisitionesArithmeticae [Gau66], published in 1801, Gauss explains the significance of theresult to him:

The purpose of this volume whose publication I promised five yearsago is to present my investigations into the field of Higher Arith-metic. Lest anyone be surprised that the contents here go backover many first principles and that many results had been givenenergetic attention by other authors, I must explain to the readerthat when I first turned to this type of inquiry in the beginning of1795 I was unaware of the more recent discoveries in the field andwas without the means of discovering them. What happened wasthis. Engaged in other work I chanced upon an extraordinary arith-metic truth (if I am not mistaken, it was the theorem of art. 108).Since I considered it so beautiful in itself and since I suspected itsconnection with even more profound results, I concentrated all myefforts in order to understand the principles on which it dependedand to obtain a rigorous proof. When I succeeded in this I was soattracted by these questions that I could not let them be.

Thus Gauss, in the first four sections of Disquisitiones, gives a systematic intro-duction to modular arithmetic, building to his first proof of quadratic reciprocity; asGauss explains above, many (perhaps most) of the results therein are not original tohim, though to some extent he discovered them independently. In fact, Legendre’sEssai sur la theorie des nombres [Leg98] was published during the writing of Disqui-sitiones, and contained many of the same introductory results. However, althoughEuler and Lagrange knew the statement of quadratic reciprocity and Lagrange (aswe shall see in Sections 3.1) had been able to prove a few special cases, the firstcomplete proof of quadratic reciprocity was due to Gauss.

The final three sections contain wholly novel contributions to the field: Gauss’stheory of quadratic forms and applications, and his study of roots of unity (moti-vated, as we have seen, by the constructibility of the 17-gon). An eighth section,omitted due to the length of the rest of the volume, was published posthumouslyand contains “a general treatment of algebraic congruences of indeterminate rank”([Gau66], Author’s Preface)—in modern terminology, a theory of function fieldsover finite fields.

Lagrange wrote to Gauss with effusive praise: “Your Disquisitiones have withone stroke elevated you to the rank of the foremost mathematicians, and contest ofthe last section [on roots of unity and the 17-gon] I look on as the most beautifulanalytical discovery which has been made for a long time.” ([Dun04], p. 44)

The Disquisitiones were dedicated to Gauss’s patron the Duke of Brunswick,who financed its publication and had already financed Gauss’s education, and towhom Gauss felt deeply endebted. Gauss writes:

10 DAVID SAVITT

I consider it my greatest good fortune that you allow me to adornthis work of mine with your most honorable name. I offer it to youas a sacred token of my filial devotion. Were it not for your favor,most serene Prince, I would not have had my first introduction tothe sciences. Were it not for your unceasing benefits in support ofmy studies, I would not have been able to devote myself totally tomy passionate love, the study of mathematics. It has been yourgenerosity alone which freed me from other cares, allowed me togive myself to so many years of fruitful contemplation and study,and finally provided me the opportunity to set down in this volumesome partial results of my investigations. And when at length Iwas ready to present my work to the world, it was your munificencealone which removed all the obstacles which threatened to delayits publication. ([Gau66])

2.2. Quadratic residues. We will shortly give three proofs of Theorem 2.1, all ofwhich can be found in Disquisitiones. The first and third proofs are due to Euler;the second is Gauss’s modification of the first proof. We will see two more proofs ofthis theorem in Section 3.4 (Exercises 3.28 and 3.31) and a sixth proof in Section4.2. We take as a starting point the following fact, which follows from the Euclideandivision algorithm:

Proposition 2.2. If a and b are integers, then there exist integers x and y suchthat

(a, b) = ax + by ,

where (a, b) denotes the greatest common divisor of a and b.

This has the following important consequence:

Proposition 2.3 ([Gau66], art. 14). Let p be a prime number (i.e., a number withexactly two positive divisors, namely 1 and p). If p | ab, then p | a or p | b.

Recall that the notation x | y indicates that x divides y, that is, that y/x is aninteger; if x does not divide y, we write x - y.

Proof. Assume that p - a. Since the only positive divisors of p are 1 and p, andsince p does not divide a, it follows that (a, p) = 1. By Proposition 2.2, there existx and y such that

1 = ax + py .

Multiplying this equation by b, we obtain

b = (ab)x + p(by) .

Since ab and p are both divisible by p, so is b. ¤

Of this result, Gauss notes: “Euclid had already proved this theorem in thisElements (Book VII, No. 32). However, we did not wish to omit it because manymodern authors have employed vague computations in place of proof or have ne-glected the theorem completely” ([Gau66], art. 14). The above proof is now stan-dard, but it is not the proof given by Gauss. Gauss notes that (if we are to find acontradiction) we may suppose that a and b are positive and less than p. But givena < p, suppose b > 1 is the smallest positive integer such that p | ab. Now p, beingprime, is not a multiple of b, so suppose mb < p < (m + 1)b. Then 0 < p−mb < b,


but a(p−mb) = p(a− abp ) is a multiple of p, contradicting the minimality of b. This

result is at the heart of Gauss’s proof of the fundamental theorem of algebra.

Proposition 2.4 (The fundamental theorem of algebra; [Gau66], art. 16). Everyinteger can be factored as a product of primes in exactly one way.

Here Gauss notes “It is clear from elementary considerations that any compositenumber can be resolved into prime factors, but it is tacitly supposed and generallywithout proof that this cannot be done in various ways.” Thus Gauss departsfrom his contemporaries by providing a rigorous proof of unique factorization ofthe integers.

Exercise 2.5. Prove the fundamental theorem of algebra.

We now continue towards our goal of proving Theorem 2.1.

Proposition 2.6. Suppose that p - k. Then there exists x such that kx ≡ 1(mod p).

Proof. As before, we may write 1 = kx + py. Reducing this equation modulo pyields 1 ≡ kx (mod p). ¤

In fact, such x is unique, at least considered modulo p. This follows directlyfrom:

Proposition 2.7. Suppose that p - k and kx ≡ ky (mod p). Then x ≡ y (mod p).

Proof. The hypotheses tell us that p | k(x − y) and that p - k; by Proposition 2.3we must have p | x− y, so that x ≡ y (mod p). ¤

If p - k, we shall let k−1 denote the unique residue x (mod p) such that kx ≡ 1(mod p); we call k−1 the inverse of k (mod p). Evidently (k−1)−1 is equal to k. Inthis manner, we see that the p − 1 non-zero residues modulo p may be paired offby pairing k with k−1, with the exception of any cases where k is actually equal tok−1 (mod p). But in fact, we have:

Proposition 2.8. If k2 ≡ 1 (mod p), then k ≡ ±1 (mod p). In fact, if x2 ≡ y2

(mod p), then x ≡ ±y (mod p).

Proof. The first statement is a special case of the second. If x2 ≡ y2 (mod p), then

p | (x2 − y2) = (x− y)(x + y) .

By Proposition 2.3 we have either p | x − y or p | x + y; in the former case x ≡ y(mod p), and in the latter case x ≡ −y (mod p). ¤Exercise 2.9 (Wilson’s Theorem). Prove that (p− 1)! ≡ −1 (mod p). (Hint: usethe fact that k, k−1 form a pair unless k ≡ ±1 (mod p).)

Definition 2.10. We say that an integer k which is not divisible by p is a quadraticresidue modulo p if there exists x such that x2 ≡ k (mod p); we say that k is aquadratic non-residue if no such x exists. This definition is encapsulated in theLegendre symbol : we write

(k

p

)=

1 if k is a quadratic residue modulo p

−1 if k is a quadratic non-residue modulo p

0 if k ≡ 0 (mod p)

12 DAVID SAVITT

Remark 2.11. This notation is the modern notation, and was not used by Gauss.He wrote k R p to denote that k is a quadratic residue (mod p) and k N p to denotethat k is a quadratic non-residue.

Corollary 2.12 ([Gau66], art. 96). Let p be an odd prime. There are exactly(p−1)/2 quadratic residues modulo p, and exactly (p−1)/2 quadratic non-residues.

Proof. By Proposition 2.8, the numbers 12, 22, . . . ,(

p−12

)2are distinct modulo p;

moreover the numbers in this list are the same modulo p as the numbers in the list(p+12

)2 ≡ (−p−12

)2, . . . , (p− 1)2 ≡ (−1)2. ¤

Proposition 2.13 ([Gau66], art. 99). We have the formula(

kp

)(lp

)=

(klp

).

That is, (a) the product of two quadratic residues is a quadratic residue; (b) theproduct of a quadratic residue and a non-residue is a non-residue; and (c) theproduct of two non-residues is a non-residue.

Proof. The proof is in three parts. To see (a), suppose that x2 ≡ k and y2 ≡ l(mod p). Then (xy)2 ≡ kl (mod p), so kl is a quadratic residue.

For (b), suppose that x2 ≡ k (mod p), and assume that kl is a quadratic residue;let y2 ≡ kl (mod p). Then (yx−1)2 ≡ l (mod p), and l is a quadratic residue. Thisestablishes the contrapositive of (b).

To establish (c), suppose that k and l are quadratic non-residues modulo p. Ob-serve from part (b) that x2l is a quadratic non-residue for any x. By Proposition 2.7and the proof of Corollary 2.12, the numbers 12l, . . . ,

(p−12

)2l are distinct modulo

p and so form a complete list of the quadratic non-residues modulo p. Since kl isnot in this list, again by Proposition 2.7, it follows that kl must be a quadraticresidue. ¤

2.3. Two proofs of Theorem 2.1. We are now ready to give our first two proofsof Theorem 2.1. We suppose throughout that p is an odd prime.

Proof 1 of Theorem 2.1. (Euler; also [Gau66], art. 109). Since k·k−1 ≡ 1 (mod p)is always a quadratic residue, it follows from Proposition 2.13 that k and k−1 areeither both quadratic residues or both quadratic non-residues modulo p. As weobserved before the proof of Proposition 2.8, the residues modulo p may be pairedoff by pairing k with k−1, with the exception of 1 and −1, which would pair withthemselves. In this manner, the quadratic residues themselves can be paired off,with the exception of 1 and possibly −1. But 1 is always a quadratic residue, andso the total number of quadratic residues modulo p is even if −1 is a quadraticresidue, and odd otherwise.

However, the number of quadratic residues modulo p is (p− 1)/2, which is evenif p ≡ 1 (mod 4) and odd if p ≡ 3 (mod 4). We conclude that

(−1p

)= 1 if p ≡ 1

(mod 4) and(−1p

)= −1 if p ≡ 3 (mod 4). ¤

Our second proof is Gauss’s variant of the above:

Proof 2 of Theorem 2.1. ([Gau66], art. 110). Observe that (p− 1)! is a product of(p− 1)/2 quadratic residues and (p− 1)/2 quadratic non-residues. By Proposition2.13, whether or not this is a quadratic residue depends only on the number ofquadratic non-residues in the product: namely, a non-zero product is a quadratic


residue if the number of quadratic non-residues in the product is even, and a non-residue if the number of quadratic non-residues in the product is odd.

The number of quadratic residues in the product is (p − 1)/2, which is even ifp ≡ 1 (mod 4) and odd if p ≡ 3 (mod 4); so (p− 1)! is a quadratic residue if p ≡ 1(mod 4) and a non-residue of p ≡ 3 (mod 4). But by Wilson’s Theorem (Exercise2.9), (p− 1)! ≡ −1 (mod p). The result follows. ¤

Exercise 2.14. If p ≡ 1 (mod 4), verify that(

p−12

)!2 ≡ −1 (mod p).

2.4. Primitive roots. Our third proof of Theorem 2.1 depends on a more carefulanalysis of the multiplicative structure of the integers modulo p. Since the extragenerality does not add much difficulty, we will begin by working modulo an arbi-trary integer n, and later specialize back to the case where the modulus is a prime.Gauss’s treatment of the subject may be found at the beginning of Section III of[Gau66], in articles 45 through 55. The arguments are somewhat dry, but we willuse the main result (Theorem 2.29) repeatedly.

Definition 2.15. If (a, n) = 1, then the order of a (mod n), denoted ordn(a), isdefined to be the smallest positive integer k such that ak ≡ 1 (mod n).

This definition makes sense, because we certainly know that aφ(n) ≡ 1 (mod n),where φ denotes the Euler φ-function.

Example 2.16. For any n, ordn(1) = 1. Modulo 7, we have the following table ofpowers:

ak 1 2 3 4 5 61 1 1 1 1 1 12 2 4 1 2 4 13 3 2 6 4 5 14 4 2 1 4 2 15 5 4 6 2 3 16 6 1 6 1 6 1

From the table, we observe that ord7(6) = 2, ord7(2) = ord7(4) = 2, and ord7(3) =ord7(5) = 6.

We begin with:

Proposition 2.17. If ak ≡ 1 (mod n), then ordn(a) divides k.

Proof. Using the Euclidean algorithm, write k = q · ordn(a) + r, where r is anonnegative integer smaller than ordn(a). Then

ak = aq·ordn(a)+r = ar(aordn(a))q ≡ ar · 1q ≡ ar (mod n).

Since ak ≡ 1 (mod n), we have ar ≡ 1 (mod n). Since ordn(a) is the smallestpositive integer power of a which is 1 (mod n), and since r < ordn(a), it is thereforeimpossible for r to be positive. Consequently, r = 0 and ordn(a) divides k. ¤

The converse is evident, i.e. if ordn(a) divides k then certainly ak ≡ 1 (mod n),so we can in fact say that ak ≡ 1 (mod n) if and only if ordn(a) divides k. As acorollary, we obtain:

Corollary 2.18. If (a, n) = 1, then ordn(a) divides φ(n).

14 DAVID SAVITT

Proof. By Euler’s generalization of Fermat’s Little Theorem, we know that aφ(n) ≡1 (mod n). The result then follows directly from the preceding theorem. ¤

There is a useful result which allows us to calculate the order of ak once we knowthe order of a.

Proposition 2.19. If (a, n) = 1, then ordn(ak) = ordn(a)/(k, ordn(a)).

Proof. We are trying to answer the question: for what l does (ak)l ≡ 1 (mod n)?By Proposition 2.17, this congruence holds if and only if ordn(a) | kl. This is thecase if and only if ordn(a)/(k, ordn(a)) divides l: see the Lemma following thisproof. Thus, the smallest positive value of l which makes (ak)l ≡ 1 (mod n) isordn(a)/(k, ordn(a)), and so ordn(ak) = ordn(a)/(k, ordn(a)). ¤

Lemma 2.20. We have a | bc if and only if a(a,b) | c.

Exercise 2.21. Use Proposition 2.2 to prove Lemma 2.20.

Example 2.22. Using ord7(3) = 6, we obtain ord7(35) = 6/(6, 5) = 6/1 = 6. Since35 ≡ 5 (mod 7), we conclude that ord7(5) = 6 as well.

Finally, we use the above result to prove a lemma which will be useful to us inthe next section. The lemma states that if the orders of two elements are relativelyprime, then the order of their product is the product of their orders, which allowsus to construct elements of larger order from elements of smaller order.

Lemma 2.23. If ordn(a) and ordn(b) are relatively prime, then ordn(ab) = ordn(a)·ordn(b).

Proof. If (ab)k ≡ 1 (mod n), then ak ≡ b−k (mod n), so ordn(ak) = ordn(b−k).By Proposition 2.19, we therefore have

ordn(a)/(k, ordn(a)) = ordn(b)/(−k, ordn(b)).

Rewriting this as

ordn(a) · (−k, ordn(b)) = ordn(b) · (k, ordn(a)),

it follows thatordn(a) | ordn(b) · (k, ordn(a)) .

By another application of Lemma 2.20 using the fact that (ordn(a), ordn(b)) = 1we conclude that ordn(a) divides (k, ordn(a)), and so ordn(a) is a divisor of k.Similarly, ordn(b) divides k, and so in fact ordn(a) ·ordn(b) divides k. But certainly(ab)ordn(a)·ordn(b) ≡ 1 (mod n), so as desired we obtain ordn(ab) = ordn(a)·ordn(b).

¤

Definition 2.24. An integer a, relatively prime to n, is called a primitive root(mod n) if the powers a1, a2, . . . , aφ(n) are all different (mod n). Since adding amultiple of n to a doesn’t change whether or not it’s a primitive root (mod n), weconsider any two primitive roots (mod n) which differ by a multiple of n to be thesame primitive root.

Since there are exactly φ(n) different residues (mod n) which are relatively primeto n, and since if (a, n) = 1 then the powers ak are all also relatively prime to n, itfollows that if a is a primitive root (mod n), then the residues of a1, a2, . . . , aφ(n)

must be all of the different residues (mod n) which are relatively prime to n. So,


the row corresponding to a in the table of powers (mod n) is a row containing everypossible residue.

Exercise 2.25. Show that 3 and 5 are the two primitive roots (mod 7). Show thatthere are no primitive roots (mod 8).

Proposition 2.26. An integer a is a primitive root (mod n) if and only if ordn(a) =φ(n).

Proof. If ordn(a) < φ(n), then 1 appears at least twice in the list of powersa1, a2, . . . , aφ(n): in particular, aordn(a) ≡ aφ(n) ≡ 1 (mod n). So, these residueclasses are not all different, and a cannot be a primitive root. On the other hand,if ordn(a) = φ(n), could we have ai ≡ aj (mod n) with 1 ≤ i < j ≤ φ(n)? No,because then we would find that aj−i ≡ 1 (mod n), contradicting the assumptionthat aφ(n) is the smallest power of a to be congruent to 1 (mod n). Thus, a isindeed a primitive root (mod n). ¤

Exercise 2.27. Verify that 2 and 5 are the only primitive roots (mod 9).

Suppose a and b are primitive roots (mod n). Then b ≡ ak (mod n) for some k,by the definition of a primitive root and the fact that b must be relatively prime ton. What, then, is ordn(b)? By Theorem 2.19,

ordn(b) = ordn(ak) = ordn(a)/(k, ordn(a)).

But since we’ve assumed that b and a are both primitive roots, we need ordn(b) =ordn(a) = φ(n), and (k, ordn(a)) = (k, φ(n)) = 1. Thus, k must be relatively primeto φ(n). On the other hand, if we start with a primitive root a and an integer kthat is relatively prime to n, then reversing the preceeding argument shows thatordn(ak) = φ(n), and so ak is a primitive root as well. Therefore, we get a primitiveroot (mod n) exactly for each integer between 1 and φ(n) which is relatively primeto φ(n), and we have proved:

Proposition 2.28. If there are any primitive roots (mod n), then there are exactlyφ(φ(n)) of them. Given one primitive root, a, the others can be obtained by takingpowers ak with (k, φ(n)) = 1.

Notice that this argument assumed the existence of at least one primitive root(mod n), and proceeded to count exactly the number of different primitive roots(mod n). However, this argument does not say anything about whether or not anyprimitive roots exist (mod n).

Finally, we come to:

Theorem 2.29 ([Gau66], art. 55). If p is a prime, then there exist primitive roots(mod p).

In the proof of this Theorem, we will need to use the fact that for any divisor kof p − 1, there exists a such that a(p−1)/k 6≡ 1 (mod p). To establish this fact, wewill use:

Proposition 2.30. Let f(x) be a polynomial of degree d. Then f(x) has at most droots (mod p).

Proof. We prove the following stronger result: there exist r1, . . . , re and a polyno-mial g(x) of degree d − e such that f(x) ≡ (x − r1) · · · (x − re)g(x) (mod p) and

16 DAVID SAVITT

g(x) has no roots (mod p). (We say that two polynomials are congruent modulop if they are congruent coefficient by coefficient: that is, their constant terms arecongruent modulo p, the coefficients of their linear terms are congruent modulo p,and so on.)

The proof proceeds by induction on d; the case d = 1 is clear. Suppose theresult is established for degree d − 1, and let f(x) have degree d. If f(x) hasno roots modulo p, then we are done; assume, then, that f(x) has a root r1.Divide the polynomial f(x) by (x−r1) using the usual polynomial division, so thatf(x) = (x−r1)g(x)+f(r1) and g(x) has degree d−1. Since f(r1) ≡ 0 (mod p), wehave f(x) ≡ (x − r1)g(x) (mod p). Applying the induction hypothesis, the resultfollows.

Finally, note (e.g. by Proposition 2.3) that r1, . . . , re are all of the roots of f(x)modulo p, and e ≤ d. ¤

Proof of Theorem 2.29. Write the prime factorization

p− 1 = qα11 · · · qαs

s

with q1, . . . , qs distinct primes. By Proposition 2.30, the polynomial x(p−1)/qi − 1has at most (p − 1)/qi roots modulo p. In particular, there exists bi that is not aroot of this polynomial.

Set ai = b(p−1)/q

αii

i . Then

aq

αii

i ≡ bp−1i ≡ 1 (mod p) ,

so that ordp(ai) | qαii . On the other hand,

aq

αi−1i

i ≡ b(p−1)/qi

i 6≡ 1 (mod p), ,

and therefore ordp(ai) is exactly qαii .

Then, by repeated application of Lemma 2.23, we see that ordp(a1 · · · as) =qα11 · · · qαs

s = p− 1, and a1 · · · as is a primitive root modulo p. ¤

We can now give:

Proof 3 of Theorem 2.1. (Euler; also [Gau66], art. 64). Since the case p = 2 isclear, let p be an odd prime. Suppose that x2 ≡ −1 (mod p). Then x4 ≡ 1(mod p), so ordp(x) = 4. It follows that 4 | p−1, and we must have p ≡ 1 (mod 4).

On the other hand, if p ≡ 1 (mod 4), choose a primitive root a modulo p,and let x = a(p−1)/4. Then x2 6≡ 1 (mod p) but (x2)2 ≡ 1 (mod p), and so byProposition 2.8 we have x2 ≡ −1 (mod p). ¤

3. Two Elementary Proofs of Quadratic Reciprocity

3.1. When are 2, 3, 5, . . . squares modulo p? Now that we have determinedthe primes p such that −1 is a square modulo p, it is natural to turn to similarquestions: when is 2 a square modulo p? 3? An arbitrary number k? In articles112 to 124 of [Gau66], Gauss discusses the work of Fermat, Euler, and Lagrange onthese problems when k ≤ 7. We begin with:

Proposition 3.1. If p ≡ 3 or 5 (mod 8) then(

2p

)= −1.


Proof. Suppose not. Then there exists a smallest prime p which is congruent to3 or 5 (mod 8) and such that

(2p

)= 1; say a2 ≡ 2 (mod p). Replacing a by its

smallest residue (mod p), and then replacing a by p−a if necessary, we may supposewithout loss of generality that a is odd and less than p. Write

a2 − 2 = pt .

Now any prime q dividing t has a2 ≡ 2 (mod q) as well, and moreover

t =a2 − 2

p<

p2

p= p ,

so q ≤ t < p. Therefore, to obtain a contradiction to the minimality of p, it sufficesto prove that t is divisible by a prime which is congruent to 3 or 5 (mod 8).

But the square of any odd number is congruent to 1 (mod 8). Hence pt =a2 − 2 ≡ −1 (mod 8), and since p ≡ 3 or 5 (mod 8), we find t ≡ 3 or 5 (mod 8)as well. But a product of primes which are congruent to ±1 (mod 8) must againbe ±1 (mod 8); it follows that t cannot be a product of only such primes, and somust be divisible by a prime which is congruent to 3 or 5 (mod 8). ¤Exercise 3.2. Use an essentially identical argument to prove that if p ≡ 5 or 7(mod 8), then

(−2p

)= −1.

Proposition 3.3.(

2p

)= 1 if and only if p ≡ 1 or 7 (mod 8).

Proof. In Proposition 3.1, we have proved the negative portion of this statement:that if p ≡ 3 or 5 (mod 8), then 2 is not a square (mod p). We will have to showthat if p ≡ 1 or 7 (mod 8), then 2 is a square (mod p). We use a different trick foreach of the two cases.

If p ≡ 7 (mod 8), then −2 and −1 are both non-squares mod p: the former byExercise 3.3, the latter by Theorem 2.1. The product of two non-squares is a square(Proposition 2.13), and so 2 is a square mod p.

On the other hand, if p ≡ 1 (mod 8), let g be a primitive root modulo p, so thatg has order p− 1 = 8k for some k. Then g4k ≡ −1 (mod p), so

(gk + g−k)2 ≡ g2k + 2 + g−2k (mod p)

≡ g−2k(g4k + 1) + 2 (mod p)≡ 2 (mod p) ,

as desired. ¤Amusingly, although it appears the above proof is constructive in the case p ≡ 1

(mod 8) and non-constructive when p ≡ 7 (mod 8), from an algorithmic point ofview this is not the case! The above construction of a square root of 2 (mod p) whenp ≡ 1 (mod 8) depends on finding a primitive root mod p, for which fast algorithmsare only known conditionally on the Extended Riemann Hypothesis. On the otherhand, now that we know

(2p

)= 1 if p ≡ 7 (mod 8), we can show:

Exercise 3.4. If p = 8k + 7, then 22k+2 is a square root of 2 modulo p.

The above propositions are due to Lagrange [Lag75]. Fermat had correctly de-termined the primes p for which 2 is a square modulo p (as well as those for which3 is a square modulo p), but never wrote down a proof. The arguments for

(±3p

)

18 DAVID SAVITT

below are due to Euler [Eul63]; Gauss notes that it is “astonishing that proof ofthe propositions relative to the residues +2 and −2 kept eluding Euler, since theydepend on similar devices.” We will see another proof of these results in Exercises3.32 and refthree-again. The arguments for

(±5p

)and

(±7p

)are due to Lagrange

[Lag75].

Exercise 3.5. Use methods similar to those of Proposition 3.1 to show that(

3p

)=

−1 if p ≡ 5, 7 (mod 12); and that(−3p

)= −1 if p ≡ 5, 11 (mod 12).

Exercise 3.6. Conclude that(

3p

)= 1 if p ≡ 11 (mod 12) and

(−3p

)= −1 if p ≡ 7

(mod 12).

Exercise 3.7. Suppose p = 3k + 1, and let g be a primitive root mod p. Provethat 2gk + 1 is a square root of −3 (mod p). Conclude in particular that

(3p

)=(

−3p

)= 1 if p ≡ 1 (mod 12).

Exercise 3.8. Prove that(

5p

)= −1 if p ≡ 2, 3 (mod 5), by proving more generally

that there is no odd integer t such that 5 is square mod t but(

t5

)= −1.

Exercise 3.9. Suppose p = 5k + 1, and let g be a primitive root mod p. Provethat 2gk + 1 + 2g−k is a square root of 5 mod p.

We will see later (Propositions 4.26 and 4.29) how to generalize this argumentto determine

(qp

)for primes p ≡ 1 (mod q).

Exercise 3.10. Let p be a prime, and b a quadratic non-residue modulo p. Provethat

(x +√

b)p+1 − (x−√

b)p+1

√b

is divisible by p for all integers x.

Exercise 3.11. Use the preceding exercise to prove that if e divides p + 1, thenthe polynomial

(x +√

b)e − (x−√

b)e

√b

has at least e− 1 roots modulo p.

Exercise 3.12. Suppose p = 5k + 4, let b be a quadratic non-residue modulo p,and choose a such that

(a +√

b)5 − (a−√

b)5√b

is divisible by p. Show that

(b + 5a2)2 ≡ 20a2 (mod p)

and conclude that 5 is a square modulo p.

Exercise 3.13. Conclude that(

5p

)=

(p5

)for all odd primes p 6= 5.

Gauss notes that the arguments for(±7p

)are largely similar, but that the cases

p = 7k + 2 and p = 7k + 4 must be handled differently.


3.2. Quadratic Reciprocity. In an appendix to Disquisitiones, Gauss includesa table of

(pq

)for primes p, q < 100. We have already seen that

(5p

)=

(p5

)for

all odd primes p 6= 5; investigating the table, one observes that the same patternappears to hold when 5 is replaced by any prime q ≡ 1 (mod 4).

On the other hand, it is certainly not the case that(

qp

)=

(pq

)for all odd primes

p, q: for example,(

37

)= −1 whereas

(73

)=

(13

)= 1.

Exercise 3.14. Use the results of Exercises 3.5,3.6,3.7 to show that(

3p

)=

(p3

)if

p ≡ 1 (mod 4), whereas(

3p

)= − (

p3

)if p ≡ 3 (mod 4).

An identical pattern emerges upon replacing 3 by any prime q ≡ 3 mod 4. Oneis led to the following conjecture:

Theorem 3.15 (Quadratic Reciprocity). Let p, q be odd primes. If p ≡ 1 (mod 4)or q ≡ 1 (mod 4), then

(pq

)=

(qp

). If p, q ≡ 3 (mod 4), then

(pq

)= −

(qp

).

Exercise 3.16. Show that quadratic reciprocity may be reformulated as follows:if p, q are odd primes, then(

p

q

)(q

p

)= (−1)

(p−1)(q−1)4 .

Gauss found six proofs of quadratic reciprocity; as of 2004, there are more than200 known proofs of quadratic reciprocity . In the introduction to his third proofof quadratic reciprocity, Gauss describes the history of the result:

We must consider Legendre as the discoverer of this very eleganttheorem, although special cases of it had previously been discov-ered by the celebrated geometers Euler and Lagrange. [...] I dis-covered this theorem independently in 1795 at a time when I wastotally ignorant of what had been achieved in higher arithmetic,and consequently had not the slightest aid from the literature onthe subject. For a whole year this theorem tormented me and ab-sorbed my greatest efforts until at last I obtained a proof givenin the fourth section of [Disquisitiones]. Later I ran across threeother proofs which were built on entirely different principles. Oneof these I have already given in the fifth section [of Disquisitiones],the others, which do not compare with it in elegance, I have re-served for future publication. Although these proofs leave nothingto be desired as regards rigor, they are derived from sources muchtoo remote, except perhaps the first, which however proceeds withlaborious arguments and is overloaded with extended operations.I do not hesitate to say that till now a natural proof has not beenproduced. I leave it to the authorities to judge whether the follow-ing proof which I have recently been fortunate enough to discoverdeserves this description. [Gau08]; translated in [Smi59] by D.H.Lehmer

Gauss’s first proof, completed in April 1796, and his third proof, completed inMay 1807, use essentially only elementary principles; it is these two proofs thatwe will give in the next two sections. As Gauss notes, his other proofs rely on

20 DAVID SAVITT

machinery (“sources much too remote”): for example, Gauss’s second proof useshis genus theory of quadratic forms, while his fourth proof (completed in May 1801,but not published until 1811) follows from his evaluation of the Gauss sum. Froma 21st century vantage point, these proofs (which we will see later) may seem morenatural than the elementary proofs! Gauss understood this: indeed, he continuedto seek more proofs of quadratic reciprocity, in the hope of finding techniquesthat would generalize to the cubic and biquadratic situations. (When do x3 ≡ q(mod p) or x4 ≡ q (mod p) have solutions?) Though it was Eisenstein and Jacobi,not Gauss, who eventually proved the laws of cubic and biquadratic reciprocity, theideas in Gauss’s later proofs of quadratic reciprocity would play important roles.

3.3. The First Proof of Quadratic Reciprocity. Gauss’s first proof of qua-dratic reciprocity proceeds by induction. (One should be aware that when Gausssays he is obtaining a result “by induction”, he means that he is producing thestatement of a result by generalizing from examples, not that he is proving theresult. When we write “induction”, we will always mean mathematical induction.)Our proof is essentially the one given by Gauss in articles of [Gau66], but we anelucidation of a simplification due to L. Carlitz [Car60].

Before giving the proof, we sketch an outline of it. Suppose p and q are positive,odd primes with p < q; we wish to relate

(pq

)and

(qp

). The first step is to produce

a number r < q such thate2 = pr + qf

for some even e and odd f < q. Reducing this equation modulo p, we see that(

qp

)

depends only on(

fp

); since f < q we may use an inductive hypothesis to determine(

fp

)in terms of whether p is a square (mod f). But pr is known to be a square

(mod f), so it suffices to determine whether r is a square (mod f); by another useof the inductive hypothesis, this is determined by whether f is a square (mod r).But the latter is known, by our assumption that

(rq

)is understood, and our proof

will go through.There are, of course, many details to be added. To begin with, note that f may

be composite, and yet in our induction step we wish to consider whether p and rare squares modulo f . To that end, we require the following generalization of theLegendre symbol:

Definition 3.17. If m and n are odd numbers, with n = pa11 · · · pak

k and positive,the Jacobi symbol is defined to be

(m

n

)=

(m

p1

)a1

· · ·(

m

pk

)ak

where the terms in the product on the right-hand side are the Legendre symbol.In particular, if m and n are primes, the Jacobi symbol is equal to the Legendresymbol.

Exercise 3.18. If m is congruent to a square modulo n, prove that(

mn

)= 1.

Prove that(

mn

) (m′n

)=

(mm′

n

).

Exercise 3.19. If x, y are odd integers, set µ(x, y) = (−1)(x−1)(y−1)/4. If m isanother odd integer, show that µ(x,m)µ(y, m) = µ(xy, m).


Exercise 3.20. Show that quadratic reciprocity implies the following reciprocitylaw for the Jacobi symbol:(m

n

)( n

m

)= (−1)(m−1)(n−1)/4 .

Note that to prove the above reciprocity law, one needs quadratic reciprocityonly for primes up to m and n.

Exercise 3.21. Extend the definition of the Jacobi symbol to negative odd integersby defining

(mn

)=

(m−n

). Show that the reciprocity law of Exercise 3.20 still holds

if one (but not both) of m,n are negative.

To produce our auxiliary r, we use the following lemma:

Lemma 3.22. If q ≡ 1 (mod 4), there exists a prime p′ < 2b√qc + 1 such that(qp′

)= −1.

Proof. We argue as in articles 124 through 129 of [Gau66]; for the case q ≡ 1(mod 8), we follow the exposition of [Lem00]. If q ≡ 5 (mod 8), take any a <

√q/2.

Then q− 2a2 is positive and congruent either to 3 or 5 (mod 8), so must have someprime divisor p′ ≡ 3, 5 (mod 8). Certainly q ≡ 2a2 (mod p′). But by Proposition3.3 we know that 2 is not a square modulo p′, and so q is also not a square modulop′.

Suppose that q ≡ 1 (mod 8), and set m = b√qc. Assume that(

qp′

)= 1 for all

p′ ≤ 2m+1. By the exercise following this proof, the congruence x2 ≡ q (mod (p′)s)has solutions for all p′ ≤ 2m+1 and all s > 0. By the Chinese Remainder Theorem,there is an integer x such that x2 ≡ q (mod (2m + 1)!).

But(

x+m2m+1

)is an integer, which implies

0 ≡ x(x− 1)(x + 1) · · · (x−m)(x + m) (mod (2m + 1)!)≡ x(x2 − 12) · · · (x2 −m2) (mod (2m + 1)!)≡ x(q − 12) · · · (q −m2) (mod (2m + 1)!)

Since x and (2m + 1)! are relatively prime, it follows that (2m + 1)! divides (q −12) · · · (q −m2). But in fact

(2m + 1)! = (m + 1 + m) · · · (m + 1) · · · (m + 1−m)= ((m + 1)2 − 1) · · · ((m + 1)2 −m2)(m + 1)> (q − 12) · · · (q −m2)

a contradiction. ¤

Exercise 3.23. If p′ is odd and x2 ≡ q (mod p′) has a solution, prove by inductionthat x2 ≡ q (mod (p′)s) has a solution for all s ≥ 1. Similarly, if x2 ≡ q (mod 8)has a solution, prove that x2 ≡ q (mod 2s) has a solution for all s ≥ 3.

Finally, we are ready to prove quadratic reciprocity by induction. Our inductionis on the maximum max(p, q), where p and q are distinct odd primes. Assumewithout loss of generality that p < q, so that in the induction step we fix q andwe wish to prove

(pq

)(qp

)= µ(p, q) for all p < q. In fact, we need to proceed by

proving this statement first for all p such that(

pq

)= 1, and then for all p such

22 DAVID SAVITT

that(

pq

)= −1; that is, if

(pq

)= −1 then quadratic reciprocity for all pairs (p′, q)

with(

p′

q

)= 1 will already be available to us as part of the induction hypothesis.

Define

r =

1 if(

pq

)= 1

−1 if(

pq

)= −1 and q ≡ 3 (mod 4)

p′ if(

pq

)= −1 and q ≡ 1 (mod 4)

where in the last case we use Lemma 3.22 to obtain p′ < q such that(

qp′

)= −1.

In this last case, if we had(

p′

q

)= 1 then the induction hypothesis would imply(

qp′

)= 1, a contradiction; so

(rq

)=

(p′

q

)= −1 as well. Observe then that in all

cases(

prq

)= 1, so we may write

(3.24) e2 = pr + qf

for some even e < q, and it is easy to see (since p, r < q and r ≥ −1) that |f | < q.The proof now breaks into several cases depending on the greatest common divisorof f and pr. Carlitz [Car60] notes that these cases can be unified with judiciousnotation, but since this obfuscates the proof somewhat, we precede the general casewith the case (f, pr) = 1. We may compute

(q

p

)=

(f

p

)reducing equation (3.24) mod p

= µ(p, f)(

p

f

)by the induction hypothesis

= µ(p, f)(

r

f

)reducing equation (3.24) mod f

= µ(p, f)µ(r, f)(

f

r


= µ(p, f)µ(r, f)(q

r

)reducing equation (3.24) mod r

= µ(p, f)µ(r, f)µ(r, q)(

r

q

)

where the last step uses either the induction hypothesis (if r = p′) or is obvious ifr = ±1. Note that in the fourth step, we are using the extended version of quadraticreciprocity of Exercise 3.21 (whose proof for

(fr

)only entails quadratic reciprocity

for primes dividing f and r, so is obtainable from the induction hypothesis). Now,we know

(rq

)=

(pq

); moreover, by Exercise 3.19 we have µ(p, f)µ(r, f)µ(r, q) =

µ(pr, qf)µ(p, q), so that(

q

p

)= µ(pr, qf)µ(p, q)

(p

q

).

But pr and qf are odd and pr + qf = e2 is divisible by 4, so exactly one of pr andqf is congruent to 1 (mod 4). Therefore µ(pr, qf) = 1, and the result follows.


We now prove the general case, which uses the same ideas but is somewhat morecomplicated. Note that if r = p then we are already done, so we may assume r 6= p.Write (f, pr) = d, set s = pr/d, and write

(3.25) d(e′)2 = s + qf ′

with e′ = e/d, f ′ = f/d, and s relatively prime to d. Now(

q

p

)=

(q

s

)( q

d

)(q

r

)since sd = pr

=(

df ′

s

) ( q

d

)(q

r

)since d(e′)2 ≡ qf ′ (mod s)

= µ(s, df ′)( s

d

) (s

f ′

) ( q

d

)(q

r


= µ(s, df ′)(−qf ′

d

)(d

f ′

) ( q

d

)(q

r

)reducing (3.25) modulo d

= µ(s, df ′)µ(d, f ′)(−1

d

) (q

r

)

= µ(s, df ′)µ(d, f ′)µ(−1, d)µ(r, q)(

r

q

)

= µ(s, df ′)µ(d, f ′)µ(−1, d)µ(r, q)(

p

q

)

and so it remains to prove that

µ(p, q) = µ(s, df ′)µ(d,−f ′)µ(r, q) .

But

(3.26) µ(s, df ′)µ(s, q) = µ(s, df ′q) = µ(s,−sd) = µ(s, d) = µ(d,−qf ′)

where the first equality uses Exercise 3.19, the second uses the congruence sd +df ′q = (de′)2 ≡ 0 (mod 4), the third uses µ(s,−s) = 1, and the fourth uses thecongruence s + qf ′ ≡ 0 (mod 4). Multiplying the leftmost and rightmost sides of(3.26) by µ(d,−f ′)µ(rs, q) yields

µ(s, df ′)µ(d,−f ′)µ(r, q) = µ(d,−qf ′)µ(d,−f ′)µ(rs, q)

and, as desired, the right-hand side simplifies to

µ(d, q)µ(rs, q) = µ(p, q)

since pr = sd. This completes the proof.

3.4. Gauss’s third proof of quadratic reciprocity. Let p be an odd prime.We recall the following result due to Euler:

Proposition 3.27 (Euler’s criterion).(

kp

)≡ k

p−12 (mod p).

Proof. If(

kp

)= 1, write k ≡ x2 (mod p). Then

kp−12 ≡ (x2)

p−12 ≡ xp−1 ≡ 1 (mod p)

as well.

24 DAVID SAVITT

Conversely, suppose that kp−12 ≡ 1 (mod p). Let g be a primitive root modulo

p (Theorem 2.29) and suppose k ≡ gr (mod p). Then

kp−12 ≡ gr( p−1

2 ) ≡ 1 (mod p) ,

which implies that p− 1 | r (p−12

)and r is even. Therefore k ≡ (gr/2)2 is a square

modulo p.Thus

(kp

)= 1 if and only if k

p−12 ≡ 1 (mod p). Certainly

(kp

)= 0 if and only

if kp−12 ≡ 0 (mod p). The only other possibility for each quantity is −1 (mod p),

and the result follows. ¤

Exercise 3.28. Prove Theorem 2.1 using Euler’s criterion.

Gauss’s third proof of quadratic reciprocity relies on a clever application of Eu-ler’s criterion:

Proposition 3.29 (Gauss’s Lemma). Let p be an odd prime, and set

A ={

1, 2, . . . ,p− 1

2

}, B =

{p + 1

2, . . . , p− 1

}.

Let k be an integer not divisible by p, and let b(k, p) be the number of integers inthe list

k · 1, k · 2, . . . , k · p− 12

whose least residue (mod p) lies in B. Then(

kp

)= (−1)b(k,p).

Proof. The least residues (mod p) of the integers in the list k ·1, k ·2, . . . , k · p−12 are

evidently distinct (by Proposition 2.7). Note that if the least residue of i lies in B,then the least residue of −i lies in A. Moreover, if the least residue of ki lies in B,then the least residue of −ki is not equal to the least residue of ±kj for any otherj in 1, 2, . . . , p−1

2 . Indeed, if this were not so, we would have −ki ≡ ±kj (mod p),so that i ± j ≡ 0 (mod p); this is an impossibility if i and j are distinct integersbetween 1 and p−1

2 .Consider the list

±k · 1,±k · 2, . . . ,±k · p− 12

,

where the term ki is given the sign + if the least residue of ki lies in A, and thesign − if the least residue of ki lies in B. Note that there are exactly b(k, p) minussigns. It follows from the previous paragraph that the least residues of the numbersin this list are distinct and lie in A; since there are p−1

2 of them, they are simply apermutation of the numbers in A.

We conclude that if we multiply the numbers in the list k · 1, k · 2, . . . , k · p−12 ,

then the product is congruent to (−1)b(k,p)(

p−12

)! (mod p). On the other hand,

the product is exactly kp−12

(p−12

)! and obtain

kp−12

(p− 1

2

)! ≡ (−1)b(k,p)

(p− 1

2

)! (mod p) .

By Euler’s criterion, it follows (cancelling the(

p−12

)! terms) that

(kp

)= (−1)b(k,p).

¤


This argument is best illustrated by an example. Let p = 11 and k = 7. Then11−1

2 = 5, and the least residues of 7 · 1, . . . , 7 · 5 modulo 11 are, in order,

7, 3, 10, 6, 2 .

Modulo 11, these are the same as

−4, 3,−1,−5, 2 .

Therefore b(7, 11) = 3,

(7 · 1) · · · (7 · 5) ≡ (−4) · 3 · (−1) · (−5) · 2 (mod 11) ,

and755! ≡ (−1)35! (mod 11) .

We conclude(

711

) ≡ 75 = −1 (mod 11).We can now give Gauss’s third proof of quadratic reciprocity, following the treat-

ment of [Gau08]. Let p and q be distinct odd primes. By Gauss’s Lemma (Proposi-tion 3.29) and the reformulation of quadratic reciprocity in Exercise 3.16, we wantto prove

(−1)b(p,q)+b(q,p) = (−1)(p−12 )( q−1

2 ) ,

or equivalently that

(3.30) b(p, q) + b(q, p) ≡(

p− 12

) (q − 1

2

)(mod 2) .

Exercise 3.31. Prove Theorem 2.1 using Gauss’s Lemma.

Exercise 3.32. Use Gauss’s lemma to give another proof that(

2p

)= 1 if and only

if p ≡ ±1 (mod 8).

Exercise 3.33. Use Gauss’s lemma to give another proof that(

3p

)= 1 if and only

if p ≡ ±1 (mod 12).

Recall that bxc is defined to be the greatest integer less than or equal to x. Thefractional part of x is defined to be x − bxc. We use this to give this an algebraicformula for b(k, p). Indeed, note that if i is not divisible by p, then the least residueof ki (mod p) lies in A if and only if the fractional part of ki/p is less than 1/2,and lies in B if and only if the fractional part of ki/p is greater than 1/2.

Exercise 3.34. Verify that b2xc−2bxc =

{0 if the fractional part of x is < 1/21 if the fractional part of x is > 1/2

.

Exercise 3.35. Use the result of the previous Exercise to show that

b(k, p) =

p−12∑

i=1

(⌊2ik

p

⌋− 2

⌊ik

p

⌋).

We now depart slightly from Gauss’s original presentation of his proof. Accordingto (3.30), we are concerned only with whether b(q, p) and b(p, q) are even or odd.Gauss continues to work with exactly formulae for b(k, p) as long as possible and

26 DAVID SAVITT

later reduces mod 2. For simplicity, we will reduce mod 2 immediately; in particularwe have

b(k, p) ≡p−12∑

i=1

⌊2ik

p

⌋(mod 2)

=⌊

2k

p

⌋+

⌊4k

p

⌋+ · · ·+

⌊(p− 1)k

p

⌋(mod 2) .

(3.36)

Exercise 3.37. If a is an integer and x is not, show that bxc+ ba− xc = a− 1.

We apply the previous exercise to obtain⌊

ik

p

⌋+

⌊(p− i)k

p

⌋= k − 1 .

For k odd, this implies

(3.38)⌊

ik

p

⌋≡

⌊(p− i)k

p

⌋(mod 2) .

Note that i is even and greater than p/2 if and only if p − i is odd and less thanp/2; substituting (3.38) for all terms

⌊2ikp

⌋of (3.36) with 2i > p/2, we get

b(k, p) ≡⌊

k

p

⌋+

⌊2k

p

⌋+ · · ·+

⌊(p−12

)k

p

⌋(mod 2)

when k is odd. We therefore obtain

b(p, q) + b(q, p) ≡⌊

q

p

⌋+

⌊2q

p

⌋+ · · ·+

⌊(p−12

)q

p

⌋

+⌊

p

q

⌋+

⌊2p

q

⌋+ · · ·+

⌊(q−12

)p

q

⌋(mod 2) .

(3.39)

Now the proof of quadratic reciprocity is completed by the following exercise:

Exercise 3.40. Prove that

(3.41)

(⌊q

p

⌋+

⌊2q

p

⌋+ · · ·+

⌊(p−12

)q

p

⌋)+

(⌊p

q

⌋+

⌊2p

q

⌋+ · · ·+

⌊(q−12

)p

q

⌋)

is exactly equal to(

p−12

) (q−12

), as follows. Consider the rectangle of lattice points

(x, y) in the plane, with 1 ≤ x ≤ p−12 and 1 ≤ y ≤ q−1

2 . Show that⌊

iqp

⌋counts the

number of lattice points of the form (i, y) lying below the line py = qx. Show that⌊ipq

⌋counts the number of lattice points of the form (x, i) lying to the left of the

line py = qx. Conclude that the sum (3.41) counts the number of lattice points inthe full rectangle. How many lattice points are in the rectangle?

We remark that Gauss evaluated (3.41) in a somewhat laborious manner, ratherthan as above; but the above counting proof is too pretty to omit!


4. Roots of Unity and Gauss sums

We return now to the ideas of Section 1, in which we saw that Gauss usedalgebraic properties of the 17th roots of unity to prove that the regular 17-gon isconstructible. In Section VII of Disquisitiones, Gauss gives a systematic treatmentof these arguments.

4.1. Periods. In Section 1.3, we saw how the set of primitive 17th roots of unitycould be partitioned into cycles, whose sums (periods) satisfied polynomials whosecoefficients were periods of longer cycles. We will now generalize these ideas to thecase an arbitrary prime p.

Fix a primitive root g modulo p. Starting from ζp and repeatedly raising to thegth power, we obtain a cycle

ζp Ã ζgp Ã ζg2

p Ã · · · Ã ζgp−2

p Ã ζgp−1

p = ζp Ã · · ·of length p− 1 containing all of the primitive pth roots of unity. If f is any divisorof p−1, the cycle of length p−1 breaks up into e = p−1

f cycles of length f (obtainedby repeatedly raising to the geth power):

ζgi

p Ã ζgi+e

p Ã ζgi+2e

p Ã · · · Ã ζgi+fe

p = ζgi

p Ã · · ·for each 0 ≤ i < e.

Definition 4.1. If f | p− 1, then the period (f, ζkp ) is defined to be the sum of the

roots of unity in the cycle of length f containing ζkp ; that is,

(f, ζkp ) = ζk

p + ζkge

p + · · ·+ ζkg(f−1)e

p .

By analogy, we define (f, 1) = f . We will say that (f, ζkp ) is a period of length f ,

and that ζkp , ζkge

p , . . . , ζkg(f−1)e

p are the roots contained in (f, ζkp ).

Exercise 4.2. Prove that the period (f, ζkp ) does not depend on the choice of

primitive root g.

Exercise 4.3. Show that (p− 1, ζp) = −1.

Proposition 4.4 ([Gau66], art. 345). If λ, µ are pth roots of unity, then the product(f, λ)(f, µ) is a sum of periods of length f .

Proof. Suppose λ = ζjp and µ = ζk

p . One checks explicitly that terms in the product

(f, λ)(f, µ) = (ζjp + ζjge

p + · · ·+ ζjg(f−1)e

p )(ζkp + ζkge

p + · · ·+ ζkg(f−1)e

p )

may be rearranged into the sum

(ζj+kp + ζ(j+k)ge

p + · · ·+ ζ(j+k)g(f−1)e

p )+(ζj+gekp + ζ(j+gek)ge

p + · · ·+ ζ(j+gek)g(f−1)e

p )

+ · · ·+ (ζj+g(f−1)ekp + ζ(j+g(f−1)ek)ge

p + · · ·+ ζ(j+g(f−1)ek)g(f−1)e

p ) ,

which is equal to the sum of periods

(f, λµ) + (f, λµge

) + · · ·+ (f, λµg(f−1)e

) .

Note that by symmetry, this must also be equal to the sum

(f, λµ) + (f, λge

µ) + · · ·+ (f, λg(f−1)e

µ) .

Also note that some of these periods may be (f, 1) = f . ¤

28 DAVID SAVITT

Recall that the roots of the pth cyclotomic polynomial

Φp(z) =zp − 1z − 1

= zp−1 + · · ·+ z + 1

are the primitive pth roots of unity ζp, ζ2p , . . . , ζp−1. We saw in Theorem 1.15 that

Φp(z) is irreducible; this has the following consequences:

Corollary 4.5. If a1, . . . , ap−1 and b1, . . . , bp−1 are rational numbers and

(4.6) a1ζp + a2ζ2p + · · ·+ ap−1ζ

p−1p = b1ζp + b2ζ

2p + · · ·+ bp−1ζ

p−1p

then ai = bi for i = 1, 2, . . . , p− 1.

Proof. The identity (4.6) implies that ζp is a root of the polynomial

h(z) = (bp−1 − ap−1)zp−2 + · · ·+ (b2 − a2)z + (b1 − a1) .

By the exercise following this proof, h(z) must be divisible by Φp(z); since thedegree of h(z) is smaller than that of Φp(z), we must have h(z) = 0. ¤Exercise 4.7. If g(z), h(z) are polynomial with rational coefficients such thatg(r) = h(r) = 0, and if g(z) is irreducible, then g(z) divides h(z). (Considerthe GCD of g(z) and h(z).)

Corollary 4.8. If g(z) and h(z) are two polynomials with rational coefficients suchthat g(ζp) = h(ζp), then g(ζl

p) = h(ζlp) for any 1 ≤ l ≤ p− 1.

Proof. The difference g(z)−h(z) has ζp as a root. Applying Exercise 4.7 again, wesee that g(z)− h(z) must be divisible by Φp(z). Therefore g(z)− h(z) has each ζl

p

as a root as well. ¤Proposition 4.9 ([Gau66], art. 347). Suppose that g(x1, . . . , xf ) is a symmetricpolynomial in the variables x1, . . . , xf , with integer coefficients. If we substitutefor x1, . . . , xf the f roots contained in the period (f, ζk

p ), then the resulting valueg(ζk

p , ζkge

p , . . . , ζkg(f−1)e

p ) may be written as a sum of periods

A + A0(f, ζp) + A1(f, ζgp ) + · · ·+ Ae−1(f, ζge−1

)

for integers A,A0, . . . , Ae−1.

Proof. Write

g(ζkp , ζkge

p , . . . , ζkg(f−1)e

p ) = a + a1ζp + · · ·+ ap−1ζp−1p .

We need to prove that ai = agei for all i, where the subscripts are consideredmodulo p. By Corollary 4.8 applied with l = ge, we have

g(ζkge

p , ζkg2e

p , . . . , ζkgfe

p ) = a + a1ζge

p + · · ·+ ap−1ζ(p−1)ge

p .

Since g is symmetric, the order of the arguments does not affect the value of thepolynomial, and so

a + a1ζp + · · ·+ ap−1ζp−1p = a + a1ζ

ge

p + · · ·+ ap−1ζ(p−1)ge

p .

By Corollary 4.5, the result follows. ¤Corollary 4.10. Retaining the hypotheses of Proposition 4.9, if we substitute forx1, . . . , xf the f roots contained in the period (f, ζkl

p ) then the resulting value of gis equal to

A + A0(f, ζlp) + A1(f, ζgl

p ) + · · ·+ Ae−1(f, ζge−1l)


Proof. Immediate from Corollary 4.8. ¤

Corollary 4.11 ([Gau66], art. 348). Let g(z) be the polynomial whose roots arethe roots contained in the period (f, ζk

p ). Then the coefficients of g(z) are sums ofperiods of length f (plus an integer).

Proof. Immediate from Proposition 4.9, since the coefficients of g(z) are symmetricpolynomials in the roots. ¤

Example 4.12. Let g(z) be the polynomial whose roots are the roots containedin ((p− 1)/2, ζp). By Corollary 4.11, we can write

g(z) = R(z) + ((p− 1)/2, ζp)S(z) + ((p− 1)/2, ζgp )T (z)

for polynomials R,S, T with integer coefficients. By Corollary 4.10, the polynomialg′(z) whose roots are the roots contained in ((p− 1)/2, ζg

p ) must be

g′(z) = R(z) + ((p− 1)/2, ζgp )S(z) + ((p− 1)/2, ζp)T (z) .

Using the same proof as that of Proposition 4.9, we can prove a generalization:

Proposition 4.13 ([Gau66], art. 350). Suppose f ′ | f , and that the period (f, ζkp )

of length f breaks up into the periods

(f ′, ζkp ), (f ′, ζkge

p ), . . . , (f ′, ζkg(d−1)e

p )

where df ′ = f . If g(x1, . . . , xd) is a symmetric polynomial and we substitute forx1, . . . , xd the periods (f ′, ζk

p ), . . . , (f ′, ζkg(d−1)e

p ), then the resulting value may bewritten as a sum of periods

A + A0(f, ζp) + A1(f, ζgp ) + · · ·+ Ae−1(f, ζge−1

) .

We remark that Proposition 4.9 is precisely the case f ′ = 1 of Proposition 4.13.

Proof. The proof is precisely the same as that of Proposition 4.9, noting that if wereplace ζp by ζge

p in the period (f ′, ζkgie

p ), it becomes (f ′, ζkg(i+1)e

p ). ¤

Corollary 4.14 ([Gau66], art. 351). Suppose f ′ | f , and that the period (f, ζkp ) of

length f breaks up into the periods

(f ′, ζkp ), (f ′, ζkge

p ), . . . , (f ′, ζkg(d−1)e

p )

where df ′ = f . Then the polynomial whose roots are (f ′, ζkp ), . . . , (f ′, ζkg(d−1)e

p ) hascoefficients which are sums of periods of length f (plus an integer).

Proof. As with Corollary 4.11, the proof is immediate from Proposition 4.13, sincethe coefficients of the polynomial are symmetric polynomials in the roots. ¤

Corollary 4.14 is the general analogue of the computations in Section 1.3. Thisenables us to prove:

Theorem 4.15 ([Gau66], art. 365). If p is a Fermat prime (a prime of the form22m

+ 1), then the regular p-gon is constructible with straightedge and compass.

30 DAVID SAVITT

Proof. Corollary 4.14 shows that each period (2n, ζkp ) is the root of a quadratic

polynomial whose coefficients are sums of periods of length 2n+1. Since quadraticscan be solved by straightedge and compass, and since the period (22m

, ζp) = −1 isconstructible, it follows recursively that all shorter periods (2n, ζk

p ) are constructibleby straightedge and compass. In particular, the period (1, ζp) = ζp is constructible,and therefore so is the regular p-gon. ¤

Gauss remarks that when p is not a Fermat prime, so that p − 1 is divisible bya prime other than 2, then

we can show with all rigor that these higher-degree equations can-not be avoided in any way, nor can they be reduced to lower-degreeequations. The limits of the present work exclude this demonstra-tion here, but we issue this warning lest anyone attempt to achievegeometric constructions for sections other than the ones suggestedby our theory (e.g. sections into 7,11,13,19 etc parts) and so spendtime uselessly. [Gau66], art. 365

However, Gauss never published a proof of this claim; the first proof is now attrib-uted to Pierre Wantzel, and may be found in almost any algebra textbook.

4.2. Gauss Sums. We saw in the previous section that the periods ((p− 1)/2, ζp)and ((p − 1)/2, ζg

p ) will be the roots of a quadratic polynomial with integer coeffi-cients. In this section, we will give Gauss’s determination of this polynomial, andsome of its implications. These arguments can be found in articles 356 and 357 ofDisquisitiones.

We know that

((p− 1)/2, ζp) + ((p− 1)/2, ζgp ) = ζp + ζ2

p + · · ·+ ζp−1p = −1 ,

and so it remains to determine the product

((p− 1)/2, ζp) · ((p− 1)/2, ζgp ) .

We follow the strategy sketched in Exercise 1.2 in the case p = 17. By Proposition4.4, we have

((p−1)/2, ζp) · ((p−1)/2, ζgp ) = a((p−1)/2, 1)+a0((p−1)/2, ζp)+a1((p−1)/2, ζg

p )

for integers a, a0, a1 satisfying a + a0 + a1 = (p − 1)/2. By Corollary 4.8 appliedwith l = g, we have

((p−1)/2, ζgp )·((p−1)/2, ζg2

p ) = a((p−1)/2, 1)+a0((p−1)/2, ζgp )+a1((p−1)/2, ζg2

p )

and since ((p− 1)/2, ζg2

p ) = ((p− 1)/2, ζp) we get a0 = a1.As noted in Exercise 1.2, the roots contained in ((p − 1)/2, ζg

p ) are those of theform ζgi

p for i odd, that is, they are of the form ζkp for quadratic non-residues k

(mod 17). Therefore

((p− 1)/2, ζp) · ((p− 1)/2, ζgp ) =

∑

(k/p)=−1

((p− 1)/2, ζk+1p )

where the sum on the right-hand side is taken over quadratic non-residues k mod-ulo p. It follows that at most one of the periods on the right-hand side can be((p − 1/2), 1); indeed, a ≤ 1, and a = 1 and only if −1 is a quadratic non-residue(mod p).


Since a0 = a1 and a+a0 +a1 = (p− 1)/2, it follows that a ≡ (p− 1)/2 (mod 2);we conclude that −1 is a quadratic non-reside (mod p) if and only if a = 1 if andonly if (p − 1)/2 is odd if and only if p ≡ 3 (mod 4). This yields a sixth proof ofTheorem 2.1. Moreover, we have

(a, a0, a1) =

{(0, (p− 1)/4, (p− 1)/4) if p ≡ 1 (mod 4)(1, (p− 3)/4, (p− 3)/4) if p ≡ 3 (mod 4)

.

Since ((p−1)/2, 1) = (p−1)/2 and ((p−1)/2, ζp)+((p−1)/2, ζgp ) = −1, we obtain

((p− 1)/2, ζp) · ((p− 1)/2, ζgp ) =

{−(p− 1)/4 if p ≡ 1 (mod 4)(p + 1)/4 if p ≡ 3 (mod 4)

.

We conclude that the two periods ((p − 1)/2, ζp), ((p − 1)/2, ζgp ) are roots of the

quadratic equation

(4.16)

{x2 + x− (p− 1)/4 if p ≡ 1 (mod 4)x2 + x + (p + 1)/4 if p ≡ 3 (mod 4) .

The roots of these equations are −1±√p

2 if p ≡ 1 (mod 4) and −1±i√

p

2 if p ≡ 3(mod 4), and so the difference

(4.17) ((p− 1)/2, ζp)− ((p− 1)/2, ζgp ) =

{±√p if p ≡ 1 (mod 4)±i√

p if p ≡ 3 (mod 4) .

Exercise 4.18. Reformulate (4.17) as follows:p−1∑

k=1

(k

p

)ζkp =

{±√p if p ≡ 1 (mod 4)±i√

p if p ≡ 3 (mod 4) ..

The sum on the left-hand side is called a quadratic Gauss sum.

Exercise 4.19. Prove that the quadratic Gauss sum∑p−1

k=1

(kp

)ζkp is equal to the

exponential sump−1∑

k=0

ζk2

p .

(Hint: show that both sums are equal to 1 + 2((p− 1)/2, ζp).)

Exercise 4.20. Define the exponential sum

(4.21) τp(a) =p−1∑

k=0

ζak2

p .

If a is a quadratic residue mod p, show that τp(a) = τp(1). If a is a quadraticnon-residue mod p, show that

p−1∑

k=0

ζak2

p

is equal to 1 + 2((p− 1)/2, ζgp ) = −(1 + 2((p− 1)/2, ζg

p )). Conclude that

(4.22) τp(a) =(

a

p

)τp(1) .

32 DAVID SAVITT

It is natural to ask which sign holds in (4.17); for example, we saw in Section 1.3that when p = 17, (8, ζ17)− (8, ζ3

17) = +√

17. Gauss perceptively writes that “thesematters are on a higher level of investigation”; indeed, as we will see in Section4.4, the knowing the sign of the Gauss sum is essentially equivalent to quadraticreciprocity. We will give Gauss’s determination of the sign of the Gauss sum in thenext section.

For now, we give an interesting application of (4.17).

Definition 4.23. Let p∗ denote +p if p ≡ 1 (mod 4) and −p if p ≡ 3 (mod 4), sothat ((p − 1)/2, ζp) − ((p − 1)/2, ζg

p ) =√

p∗ for all p. This notation is common, ifnot standard.

Exercise 4.24. In the notation of Example 4.12, show that

2g(z) = (2R(z)− S(z)− T (z))±√p∗(S(z)− T (z))

and2g′(z) = (2R(z)− S(z)− T (z))∓√p∗(S(z)− T (z)) .

Exercise 4.25. Conclude that

4Φp(z) = (2R(z)− S(z)− T (z))2 − p∗(S(z)− T (z))2 .

In particular, this proves:

Proposition 4.26. If p ≡ 1 (mod 4), there exist polynomials G(z) and H(z) withinteger coefficients such that

4Φp(z) = G(z)2 − pH(z)2 ,

while if p ≡ 3 (mod 4), there exist polynomials G(z) and H(z) with integer coeffi-cients such that

4Φp(z) = G(z)2 + pH(z)2 ,

Exercise 4.27. What are the polynomials G(z),H(z) for p = 3, 5, 7, 11?

Exercise 4.28. Prove that the two highest terms of G(z) are 2z(p−1)/2 + z(p−3)/2,and that the highest term of H(z) is z(p−3)/2.

As promised in Section 3.1, we can use these ideas to prove quadratic reciprocityin the special case where p ≡ 1 (mod q):

Proposition 4.29. If p and q are primes and p ≡ 1 (mod q), then(

q∗

p

)= 1. It

follows that(

qp

)= (−1)(

p−12 )( q−1

2 ) .

Proof. Write 4Φq(z) = G(z)2 − q∗H(z)2. Since q | p− 1, there exist q− 1 elementsof order q (mod p). Since H(z) has degree (q − 3)/2, by Proposition 2.30 we canfind an element a of order q (mod p) such that H(a) 6≡ 0 (mod p). But Φq(a) =(aq − 1)(a− 1)−1 ≡ 0 (mod p), and so

G(a)2 − q∗H(a)2 ≡ 0 (mod p) ,

or equivalently(G(a)H(a)−1)2 ≡ q∗ (mod p) .

Hence(

q∗

p

)= 1 for all primes q | p−1. Since q∗ = (−1)

q−12 q and

(−1p

)= (−1)

p−12 ,

the second statement of the Proposition follows from the first. ¤


4.3. The sign of the Gauss sum. In this section, we will prove:

Theorem 4.30.p−1∑

k=0

ζk2

p =

{+√

p if p ≡ 1 (mod 4)+i√

p if p ≡ 3 (mod 4) ..

By Exercise 4.19, this immediately implies:

Corollary 4.31.p−1∑

k=1

(k

p

)ζkp =

{+√

p if p ≡ 1 (mod 4)+i√

p if p ≡ 3 (mod 4) ..

Gauss conjectured this result in May 1801; he finally found a proof in August1805, as noted in his mathematical diary:

At length, we achieved a demonstration of the very elegant theoremmentioned before in May, 1801, which we had sought for more thanfour years with all efforts.

Gauss’s proof was published in 1811 ([Gau11]). We provide a series of exerciseswhich follow Berndt and Evans’s treatment of the proof in [BE81]. The proofuses the so-called q-binomial coefficients (or Gaussian polynomials) to establish aproduct formula for the Gauss sum.

Definition 4.32. Set (q)n = (1 − q)(1 − q2) · · · (1 − qn), and define the Gaussianpolynomial [ n

m

]=

(q)n

(q)m(q)n−m.

Exercise 4.33. Prove that[

nm

]is a polynomial in the variable q.

Exercise 4.34. Prove the formula[ n

m

]=

[n− 1m− 1

]+ qm

[n− 1

m

]

for 1 ≤ m < n.

For a nonnegative integer n, define fn(q) =∑n

k=0(−1)k[

nk

].

Exercise 4.35. Use Exercise 4.34 to prove the recursion formula fn(q) = (1 −qn−1)fn−2(q) for n ≥ 2. Deduce that

(4.36) f2n(q) =n∏

j=1

(1− q2j−1) .

Our product formula for the Gauss sum rests on evaluating fp−1(ζp) in twodifferent ways. First:

Exercise 4.37. Use the identity 2j − 1 = p− 1− 2(p− j) in (4.36) to prove

fp−1(ζp) =(p−1)/2∏

r=1

ζ−rp (ζr

p − ζ−rp ) .

Conclude, using Exercise 1.3, that

(4.38) fp−1(ζp) = ζ−(p2−1)/8p (2i)(p−1)/2

(p−1)/2∏r=1

sin(2πr/p) .

34 DAVID SAVITT

On the other hand, we have

Exercise 4.39. Prove directly from the definition that[p− 1

m

](ζp) = (−1)mζ−m(m+1)/2

p .

Exercise 4.40. Use Exercise 4.39 to show

(4.41) fp−1(ζp) =p−1∑

k=0

ζ−k(k+1)/2p .

Exercise 4.42. Manipulate (4.41) by noting that

−k(k + 1)/2 ≡ (p− 1)2

k(k + 1) (mod p) ,

completing the square in the exponent, and using (4.22) to prove that

(4.43)p−1∑

k=0

ζk2

p = ζ(p2−1)/8p

((p− 1)/2

p

)fp−1(ζp) .

Exercise 4.44. Combine (4.38), (4.43), and a calculation of(

(p−1)/2p

)=

(−2p

)to

prove that

(4.45)p−1∑

k=0

ζk2

p = (−1)(p−1)(p−3)/8(2i)(p−1)/2

(p−1)/2∏r=1

sin(2πr/p) .

Exercise 4.46. Finally, note that the product of sines in (4.45) is positive; use(4.45) to prove that

∑p−1k=0 ζk2

p is positive if p ≡ 1 (mod 4), and is i times a positivereal if p ≡ 3 (mod 4). Use Exercises 4.18 and 4.19 to conclude that

p−1∑

k=0

ζk2

p =

{√p if p ≡ 1 (mod 4)

i√

p if p ≡ 3 (mod 4).

This completes the proof of Theorem 4.30.

Exercise 4.47. Note that we have also shown(p−1)/2∏

r=1

sin(2πr/p) =√

p

for all primes p.

4.4. Gauss sums for Composite Moduli and Quadratic Reciprocity. In hisarticle [Gau11], Gauss considered the exponential sum

τn(a) =n−1∑

k=0

ζak2

n

for composite n as well as prime n; this is necessary for Gauss’s fourth proof ofquadratic reciprocity via Gauss sums. We will prove:

Theorem 4.48. If n is an odd positive integer, then

τn(1) =n−1∑

k=0

ζk2

n =

{√n if n ≡ 1 (mod 4)

i√

n if n ≡ 3 (mod 4) ..


Gauss’s proof, which we follow from [BEW98], follows the same outline for com-posite n as it does in the prime case: prove a product formula for a value of fn−1;relate this value of fn−1 to the desired exponential sum, to determine its sign; andseparately compute the magnitude of the exponential sum, thereby pinning downits exact value. It turns out that we want to use fn−1(ζ−2

n ) rather than fn−1(ζn):this erases the −1/2 in the exponent −k(k + 1)/2 of Exercise 4.40, which would bedifficult to deal with because we do not have an analogue of (4.22) in the compositecase. It is in this step, and in determining the magnitude of the exponential sum,that we used the primality of p.

We first note that the product formula is essentially unchanged in the compositecase:

Exercise 4.49. Observe that the argument in Exercise 4.37 did not make use ofthe primality of p; show that

(4.50) fn−1(ζ−2n ) = ζ(n2−1)/4

n (−2i)(n−1)/2

(n−1)/2∏r=1

sin(4πr/n) .

Now we relate the product formula to the exponential sum:

Exercise 4.51. Verify, as in Exercise 4.40, that

fn−1(ζ−2n ) =

n−1∑

k=0

ζk(k+1)n .

Note that k(k + 1) ≡ (k + (n + 1)/2)2 − (n + 1)2/4 (mod n), and show that

(4.52) fn−1(ζ−2n ) = ζ−(n+1)2/4

n

n−1∑

k=0

ζk2

n .

Exercise 4.53. Combine (4.50) and (4.52) to obtain

(4.54)n−1∑

k=0

ζk2

n = (−2i)(n−1)/2

(n−1)/2∏r=1

sin(4πr/n) .

Exercise 4.55. Verify that sin(4πr/p) > 0 if r < n/4 and sin(4πr/p) < 0 ifn/4 < r ≤ (n − 1)/2. Deduce that the product of sines in (4.54) is positive ifn ≡ 1, 7 (mod 8) and negative if n ≡ 3, 5 (mod 8). Conclude that the right-handside of (4.54) is a positive real number if n ≡ 1 (mod 4) and i times a positive realnumber if n ≡ 3 (mod 4).

Finally, we must show that in the composite case we still have∣∣∣∑n−1

k=0 ζk2

n

∣∣∣ =√

n.Observe that

∣∣∣∣∣n−1∑

k=0

ζk2

n

∣∣∣∣∣ =

∣∣∣∣∣∣

(n−1)/2∏

j=1

(1− ζ−2(2j−1)

n

)∣∣∣∣∣∣

=

∣∣∣∣∣∣

(n−1)/2∏

j=1

(1− ζ−(2j−1)

n

)∣∣∣∣∣∣·∣∣∣∣∣∣

(n−1)/2∏

j=1

(−1− ζ−(2j−1)

n

)∣∣∣∣∣∣

(4.56)

by (4.52) and (4.36).

36 DAVID SAVITT

Exercise 4.57. Note that for each 1 ≤ l ≤ n− 1, the first product in the last lineof (4.56) contains a term which is equal to 1 − ζj

n for exactly one of j = l, n − l.Similarly, for each 1 ≤ l ≤ n − 1, the second product in the last line of (4.56)contains a term which is equal to −1 − ζj

n for exactly one of j = l, n − l. Provethe identities |1− ζl

n| = |1− ζn−ln | and | − 1− ζl

n| = | − 1− ζn−ln |, and use them to

deduce that

(4.58)

∣∣∣∣∣n−1∑

k=0

ζk2

n

∣∣∣∣∣

2

=

∣∣∣∣∣∣

n−1∏

j=1

(1− ζj

n

)∣∣∣∣∣∣

∣∣∣∣∣∣

n−1∏

j=1

(−1− ζjn

)∣∣∣∣∣∣

.

Since∏n−1

j=1

(z − ζj

n

)= zn−1 + zn−2 + · · ·+ z + 1, conclude that

(4.59)

∣∣∣∣∣n−1∑

k=0

ζk2

n

∣∣∣∣∣

2

= n

Finally, (4.59) and Exercise 4.55 together complete the proof of Theorem 4.48.Gauss’s fourth proof of quadratic reciprocity is now almost immediate. Following

[Lem00], we show:

Lemma 4.60. If m and n are relatively prime, we have

τmn(a) = τm(an)τn(am) .

Proof. Since m and n are relatively prime, we can write each 0 ≤ k ≤ mn − 1 ask = αm + βn; moreover, as k runs from 0 to mn − 1, the pairs (α, β) run over allmn distinct pairs of α (mod n) and β (mod m). Therefore

τmn(a) =mn−1∑

k=0

ζak2

mn

=n−1∑α=0

m−1∑

β=0

ζa(αm+βn)2

mn

=n−1∑α=0

m−1∑

β=0

ζaα2m2+aβ2n2

mn

=

(n−1∑α=0

ζaα2m2

mn

)(m−1∑α=0

ζaα2n2

mn

)

= τn(am)τm(an)

since ζmmn = ζn and ζn

mn = ζm. ¤

Now if p and q are distinct odd primes, we have

(4.61) τpq(1) = τq(p)τp(q) =(

p

q

)(q

p

)τq(1)τp(1)

using Lemma 4.60 and (4.22). If p, q ≡ 1 (mod 4), then Theorem 4.48 impliesτpq(1) =

√pq, τp(1) =

√p, and τq(1) =

√q; therefore

(pq

)(qp

)= 1. If p ≡ 1

(mod 4) and q ≡ 3 (mod 4), then Theorem 4.48 implies τpq(1) = i√

pq, τp(1) =√

p,

and τq(1) = i√

q; once again(

pq

)(qp

)= 1. Finally, if p ≡ 1 (mod 4) and q ≡ 3


(mod 4), then Theorem 4.48 implies τpq(1) =√

pq, τp(1) = i√

p, and τq(1) = i√

q;

so (4.61) tells us that(

pq

)(qp

)= −1. This proves quadratic reciprocity.

4.5. Cubic periods.

5. Gauss’s First Proof of the Fundamental Theorem of Algebra

References

[BE81] Bruce C. Berndt and Ronald J. Evans, The determination of Gauss sums, Bull. Amer.Math. Soc. (N.S.) 5 (1981), no. 2, 107–129.

[BEW98] Bruce C. Berndt, Ronald J. Evans, and Kenneth S. Williams, Gauss and Jacobi sums,Canadian Mathematical Society Series of Monographs and Advanced Texts, John Wiley& Sons Inc., New York, 1998.

[Car60] L. Carlitz, A note on Gauss’ first proof of the quadratic reciprocity theorem, Proc.Amer. Math. Soc. 11 (1960), 563–565.

[Cox77] H. S. M. Coxeter, Gauss as a geometer, Historia Math. 4 (1977), no. 4, 379–396.[Dun04] G. Waldo Dunnington, Carl Friedrich Gauss, Titan of science, MAA Spectrum, Math-

ematical Association of America, Washington, DC, 2004, Reprint of the 1955 original[Exposition Press, New York], With an introduction and commentary by Jeremy Gray,With a brief biography of the author by Fritz-Egbert Dohse.

[Eul63] Leonhard Euler, Novi comm. acad. Petrop., no. 8, 105–28.[Gau08] Carl Friedrich Gauss, Commentationes Societatis Regiae Scientiarum Gottingensis, vol.

Vol. 16, Gottingen, 1808.[Gau11] , Summatio quarumdam serierum singularium, Comment. Soc. Reg. Sci. Got-

tingensis 1 (1811).[Gau66] , Disquisitiones arithmeticae, Translated into English by Arthur A. Clarke, S.

J, Yale University Press, New Haven, Conn., 1966.[Lag75] Joseph-Louis Lagrange, Nouv. mem. acad. Berlin, 352ff.[Leg98] Adrien Marie Legendre, Essai sur la theorie des nombres, Duprat, 1798.[Lem00] Franz Lemmermeyer, Reciprocity laws, from Euler to Eisenstein, Springer Monographs

in Mathematics, Springer-Verlag, Berlin, 2000.[Smi59] David Eugene Smith, A source book in mathematics, 2 vols, Dover Publications Inc.,

New York, 1959.

Documents

THE MATHEMATICS OF GAUSS Introduction Carl Friedrich Gauss